XCP DRM Software Detection

This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.

Synopsis :

The remote Windows host has a rootkit installed on it.

Description :

First 4 Internet's Extended Copy Protection (XCP) digital rights
management software is installed on the remote Windows host. While it
is not malicious per se, the software hides files, processes, and
registry keys / values from ordinary inspection, which has been
exploited by several viruses to hide from antivirus software.

See also :


Solution :

On the affected host, run the DOS command 'cmd /k sc delete
$sys$aries' to deactivate the software and reboot.

Risk factor :

Medium / CVSS Base Score : 6.2

Family: Windows

Nessus Plugin ID: 20212 ()

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now